I've been playing with some code with encrypts the script and generates a self decrypting executable. The executable writes the output to a temporary file and runs kix. The first thing the script does is delete itself. As long as the script is short enough and loaded into memory it works pretty well. The problem is that the temporary file is there, albeit for a short time. If kix could read its script file from stdin I wouldn't need the temporary file, although it'd still be subject to attack by a memory dump, or someone using a debug utility to step through the executable and stop before the script is called.In all I can't think of a secure solution that doesn't require that the decrypting is done on the fly within the interpreter.
